BreachExchange mailing list archives
Re: Unnamed Acquirer Processor Breach Timeline
From: Tom Mahoney <lists () merchant911 org>
Date: Thu, 26 Feb 2009 17:22:56 -0500
Am I missing something or are Willard and the rest forgetting an important part of this 'potential' breach? Given that there is no track data involved, it would seem that on-line merchants are at the most risk here because of chargeback rights. As the Pennsylvania Credit Union Association so aptly put it, "Since track data was not compromised, we are not suggesting that you block and transfer these compromised accounts. Chargeback rights should exist for all Card Not Present transactions simply by the cardholder asserting a dispute for the unauthorized transactions. In other words, issuers shouldn't worry about preemptive card replacement; they can stick it to the on-line merchants. Of course the issuers will gain a few dollars in chargeback fees along the way and the e-Commerce merchant will loose their product and shipping and pay the fine for being another victim of fraud. They are, after all, the path of least resistance for the issuers. Tom Mahoney, Founder & Director (and resident cynic) Over 3800 Merchants united to protect themselves http://www.merchant911.org At 11:31 AM -0500 2/26/09, DAIL, WILLARD A typed out:
An important distinction, I think is issuing bank vs. acquiring bank. Imagine the Visa interchange as a cloud in the middle of a page. To the right are the issuing banks. They carry all of the liability for fraud and their customers are the consumer, who uses the credit card. They make their money in interest and fees associated with the consumer's use of the card. To the left of the cloud is the acquiring bank. Their customers are merchants, who they sign up to accept credit cards. These banks make their money from transaction fees levied on the merchant. Sometimes, an entity can be both an issuer, an acquirer (or a gateway, service provider, or any number of functional designations), but not always.
-- _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Unnamed Acquirer Processor Breach Timeline, some additional confirmation David Shettler (Feb 26)
- <Possible follow-ups>
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Clint P. Garrison (Feb 26)
- I 'know' the name of the new payment processor breach security curmudgeon (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Chris Walsh (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation DAIL, WILLARD A (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline DAIL, WILLARD A (Feb 27)